diff options
| author | Eric Dumazet <edumazet@google.com> | 2017-06-07 13:34:37 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-06-08 10:53:28 -0400 |
| commit | f930103421f6579719b8252285c94c1195f6e032 (patch) | |
| tree | cb94c6b7a228ffa51760fbdd18c8d321402efe11 | |
| parent | eed29f17f09ad7f400bc245f209acad6a8214fac (diff) | |
tcp: Namespaceify sysctl_tcp_sack
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/net/netns/ipv4.h | 1 | ||||
| -rw-r--r-- | include/net/tcp.h | 4 | ||||
| -rw-r--r-- | net/ipv4/syncookies.c | 7 | ||||
| -rw-r--r-- | net/ipv4/sysctl_net_ipv4.c | 14 | ||||
| -rw-r--r-- | net/ipv4/tcp_input.c | 3 | ||||
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 1 | ||||
| -rw-r--r-- | net/ipv4/tcp_output.c | 2 | ||||
| -rw-r--r-- | net/ipv6/syncookies.c | 2 |
8 files changed, 18 insertions, 16 deletions
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h index cd686c4fb32d..bb02482ec821 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h | |||
| @@ -122,6 +122,7 @@ struct netns_ipv4 { | |||
| 122 | int sysctl_tcp_fin_timeout; | 122 | int sysctl_tcp_fin_timeout; |
| 123 | unsigned int sysctl_tcp_notsent_lowat; | 123 | unsigned int sysctl_tcp_notsent_lowat; |
| 124 | int sysctl_tcp_tw_reuse; | 124 | int sysctl_tcp_tw_reuse; |
| 125 | int sysctl_tcp_sack; | ||
| 125 | struct inet_timewait_death_row tcp_death_row; | 126 | struct inet_timewait_death_row tcp_death_row; |
| 126 | int sysctl_max_syn_backlog; | 127 | int sysctl_max_syn_backlog; |
| 127 | 128 | ||
diff --git a/include/net/tcp.h b/include/net/tcp.h index 0b0cfeefa05b..f9d2ce0ba676 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h | |||
| @@ -239,7 +239,6 @@ void tcp_time_wait(struct sock *sk, int state, int timeo); | |||
| 239 | /* sysctl variables for tcp */ | 239 | /* sysctl variables for tcp */ |
| 240 | extern int sysctl_tcp_timestamps; | 240 | extern int sysctl_tcp_timestamps; |
| 241 | extern int sysctl_tcp_window_scaling; | 241 | extern int sysctl_tcp_window_scaling; |
| 242 | extern int sysctl_tcp_sack; | ||
| 243 | extern int sysctl_tcp_fastopen; | 242 | extern int sysctl_tcp_fastopen; |
| 244 | extern int sysctl_tcp_retrans_collapse; | 243 | extern int sysctl_tcp_retrans_collapse; |
| 245 | extern int sysctl_tcp_stdurg; | 244 | extern int sysctl_tcp_stdurg; |
| @@ -520,7 +519,8 @@ u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th, | |||
| 520 | u16 *mssp); | 519 | u16 *mssp); |
| 521 | __u32 cookie_v4_init_sequence(const struct sk_buff *skb, __u16 *mss); | 520 | __u32 cookie_v4_init_sequence(const struct sk_buff *skb, __u16 *mss); |
| 522 | u64 cookie_init_timestamp(struct request_sock *req); | 521 | u64 cookie_init_timestamp(struct request_sock *req); |
| 523 | bool cookie_timestamp_decode(struct tcp_options_received *opt); | 522 | bool cookie_timestamp_decode(const struct net *net, |
| 523 | struct tcp_options_received *opt); | ||
| 524 | bool cookie_ecn_ok(const struct tcp_options_received *opt, | 524 | bool cookie_ecn_ok(const struct tcp_options_received *opt, |
| 525 | const struct net *net, const struct dst_entry *dst); | 525 | const struct net *net, const struct dst_entry *dst); |
| 526 | 526 | ||
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 6a32cb381877..b386e8592ffd 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c | |||
| @@ -232,7 +232,8 @@ EXPORT_SYMBOL(tcp_get_cookie_sock); | |||
| 232 | * return false if we decode a tcp option that is disabled | 232 | * return false if we decode a tcp option that is disabled |
| 233 | * on the host. | 233 | * on the host. |
| 234 | */ | 234 | */ |
| 235 | bool cookie_timestamp_decode(struct tcp_options_received *tcp_opt) | 235 | bool cookie_timestamp_decode(const struct net *net, |
| 236 | struct tcp_options_received *tcp_opt) | ||
| 236 | { | 237 | { |
| 237 | /* echoed timestamp, lowest bits contain options */ | 238 | /* echoed timestamp, lowest bits contain options */ |
| 238 | u32 options = tcp_opt->rcv_tsecr; | 239 | u32 options = tcp_opt->rcv_tsecr; |
| @@ -247,7 +248,7 @@ bool cookie_timestamp_decode(struct tcp_options_received *tcp_opt) | |||
| 247 | 248 | ||
| 248 | tcp_opt->sack_ok = (options & TS_OPT_SACK) ? TCP_SACK_SEEN : 0; | 249 | tcp_opt->sack_ok = (options & TS_OPT_SACK) ? TCP_SACK_SEEN : 0; |
| 249 | 250 | ||
| 250 | if (tcp_opt->sack_ok && !sysctl_tcp_sack) | 251 | if (tcp_opt->sack_ok && !net->ipv4.sysctl_tcp_sack) |
| 251 | return false; | 252 | return false; |
| 252 | 253 | ||
| 253 | if ((options & TS_OPT_WSCALE_MASK) == TS_OPT_WSCALE_MASK) | 254 | if ((options & TS_OPT_WSCALE_MASK) == TS_OPT_WSCALE_MASK) |
| @@ -319,7 +320,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) | |||
| 319 | tcp_opt.rcv_tsecr -= tsoff; | 320 | tcp_opt.rcv_tsecr -= tsoff; |
| 320 | } | 321 | } |
| 321 | 322 | ||
| 322 | if (!cookie_timestamp_decode(&tcp_opt)) | 323 | if (!cookie_timestamp_decode(sock_net(sk), &tcp_opt)) |
| 323 | goto out; | 324 | goto out; |
| 324 | 325 | ||
| 325 | ret = NULL; | 326 | ret = NULL; |
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 86957e9cd6c6..74718f8a0aa8 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c | |||
| @@ -379,13 +379,6 @@ static struct ctl_table ipv4_table[] = { | |||
| 379 | .proc_handler = proc_dointvec | 379 | .proc_handler = proc_dointvec |
| 380 | }, | 380 | }, |
| 381 | { | 381 | { |
| 382 | .procname = "tcp_sack", | ||
| 383 | .data = &sysctl_tcp_sack, | ||
| 384 | .maxlen = sizeof(int), | ||
| 385 | .mode = 0644, | ||
| 386 | .proc_handler = proc_dointvec | ||
| 387 | }, | ||
| 388 | { | ||
| 389 | .procname = "tcp_retrans_collapse", | 382 | .procname = "tcp_retrans_collapse", |
| 390 | .data = &sysctl_tcp_retrans_collapse, | 383 | .data = &sysctl_tcp_retrans_collapse, |
| 391 | .maxlen = sizeof(int), | 384 | .maxlen = sizeof(int), |
| @@ -1116,6 +1109,13 @@ static struct ctl_table ipv4_net_table[] = { | |||
| 1116 | .extra2 = &one, | 1109 | .extra2 = &one, |
| 1117 | }, | 1110 | }, |
| 1118 | #endif | 1111 | #endif |
| 1112 | { | ||
| 1113 | .procname = "tcp_sack", | ||
| 1114 | .data = &init_net.ipv4.sysctl_tcp_sack, | ||
| 1115 | .maxlen = sizeof(int), | ||
| 1116 | .mode = 0644, | ||
| 1117 | .proc_handler = proc_dointvec | ||
| 1118 | }, | ||
| 1119 | { } | 1119 | { } |
| 1120 | }; | 1120 | }; |
| 1121 | 1121 | ||
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 99ee707f0ef4..2eacfcaf1257 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
| @@ -78,7 +78,6 @@ | |||
| 78 | 78 | ||
| 79 | int sysctl_tcp_timestamps __read_mostly = 1; | 79 | int sysctl_tcp_timestamps __read_mostly = 1; |
| 80 | int sysctl_tcp_window_scaling __read_mostly = 1; | 80 | int sysctl_tcp_window_scaling __read_mostly = 1; |
| 81 | int sysctl_tcp_sack __read_mostly = 1; | ||
| 82 | int sysctl_tcp_fack __read_mostly; | 81 | int sysctl_tcp_fack __read_mostly; |
| 83 | int sysctl_tcp_max_reordering __read_mostly = 300; | 82 | int sysctl_tcp_max_reordering __read_mostly = 300; |
| 84 | int sysctl_tcp_dsack __read_mostly = 1; | 83 | int sysctl_tcp_dsack __read_mostly = 1; |
| @@ -3790,7 +3789,7 @@ void tcp_parse_options(const struct net *net, | |||
| 3790 | break; | 3789 | break; |
| 3791 | case TCPOPT_SACK_PERM: | 3790 | case TCPOPT_SACK_PERM: |
| 3792 | if (opsize == TCPOLEN_SACK_PERM && th->syn && | 3791 | if (opsize == TCPOLEN_SACK_PERM && th->syn && |
| 3793 | !estab && sysctl_tcp_sack) { | 3792 | !estab && net->ipv4.sysctl_tcp_sack) { |
| 3794 | opt_rx->sack_ok = TCP_SACK_SEEN; | 3793 | opt_rx->sack_ok = TCP_SACK_SEEN; |
| 3795 | tcp_sack_reset(opt_rx); | 3794 | tcp_sack_reset(opt_rx); |
| 3796 | } | 3795 | } |
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 191b2f78b19d..3c475a2a8432 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -2465,6 +2465,7 @@ static int __net_init tcp_sk_init(struct net *net) | |||
| 2465 | net->ipv4.tcp_death_row.hashinfo = &tcp_hashinfo; | 2465 | net->ipv4.tcp_death_row.hashinfo = &tcp_hashinfo; |
| 2466 | 2466 | ||
| 2467 | net->ipv4.sysctl_max_syn_backlog = max(128, cnt / 256); | 2467 | net->ipv4.sysctl_max_syn_backlog = max(128, cnt / 256); |
| 2468 | net->ipv4.sysctl_tcp_sack = 1; | ||
| 2468 | 2469 | ||
| 2469 | return 0; | 2470 | return 0; |
| 2470 | fail: | 2471 | fail: |
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index e3aab1c1cf78..45c8e459db49 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
| @@ -580,7 +580,7 @@ static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb, | |||
| 580 | opts->options |= OPTION_WSCALE; | 580 | opts->options |= OPTION_WSCALE; |
| 581 | remaining -= TCPOLEN_WSCALE_ALIGNED; | 581 | remaining -= TCPOLEN_WSCALE_ALIGNED; |
| 582 | } | 582 | } |
| 583 | if (likely(sysctl_tcp_sack)) { | 583 | if (likely(sock_net(sk)->ipv4.sysctl_tcp_sack)) { |
| 584 | opts->options |= OPTION_SACK_ADVERTISE; | 584 | opts->options |= OPTION_SACK_ADVERTISE; |
| 585 | if (unlikely(!(OPTION_TS & opts->options))) | 585 | if (unlikely(!(OPTION_TS & opts->options))) |
| 586 | remaining -= TCPOLEN_SACKPERM_ALIGNED; | 586 | remaining -= TCPOLEN_SACKPERM_ALIGNED; |
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 4c0a047ec230..aa6443c6da19 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c | |||
| @@ -170,7 +170,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) | |||
| 170 | tcp_opt.rcv_tsecr -= tsoff; | 170 | tcp_opt.rcv_tsecr -= tsoff; |
| 171 | } | 171 | } |
| 172 | 172 | ||
| 173 | if (!cookie_timestamp_decode(&tcp_opt)) | 173 | if (!cookie_timestamp_decode(sock_net(sk), &tcp_opt)) |
| 174 | goto out; | 174 | goto out; |
| 175 | 175 | ||
| 176 | ret = NULL; | 176 | ret = NULL; |